Australia's #1 Podcast Dedicated to Digital Identity

Listen now

Your Privacy, Your Control

Learn how we assist you to manage your data in our privacy policy.

hero banner hero banner

Privacy Policy

No. 001/Privy-AU/Policy/III/2024

Effective Date: 1 February 2024

Privy Australia Pty Ltd (hereinafter referred to as "Privy") is regulated under the Privacy Act 1988 (Cth). This Privacy Policy applies to personal information handled by Privy through the https://privy.com.au/ site, its derivative sites, as well as the Privy Application (hereinafter referred to as the “Site” and “Application” respectively). This Privacy Policy also applies to other Privy services, including PrivySign, and other services provided by Privy over time. The Site, the Application, and these other Privy services are hereinafter referred to together as the “Privy Services”.

This Privacy Policy is intended to provide users of the Privy Services (hereinafter referred to as “Users”) with information regarding how Privy undertakes the collection, processing, disclosure, retention, analysis, erasure, and/or destruction of personal information from Users (hereinafter referred to as the “Processing” or “To Process” or “Being Processed”).

As noted in section 8 below, we reserve the right to modify or amend this Privacy Policy from time to time. This Privacy Policy was last updated on the Effective Date.

  1. PERSONAL INFORMATION PROCESSED BY PRIVY

Privy may collect, hold, and Process the following kinds of information:

a. At the time of User Account Creation for Privy

Users are required to provide personal information for the purpose of creating a Privy account ("Basic Data"). This includes personal information such as:

      1. Full Name;
      2. Place and Date of Birth;
      3. Phone numbers; and/or
      4. Email addresses.

Privy will allow the User to choose one of the available verification level categories, which is determined based on the assurance level and verification requirements.

To use a verified Electronic Signature and to be a verified User based on the verification level categories mentioned above, the User agrees to provide additional personal information, including but not limited to:

      1. Copies of identification documents, which may include Driver’s License and/or Passports; and/or
      2. Biometric data, for the purposes of facial recognition, face matching, liveness detection, and eye/retina recognition.

In collecting personal information above, Privy may incidentally collect sensitive information from Users, including information about a User's racial or ethnic origin and/or religious beliefs or affiliations.

b. Data that Privy collects automatically

When Users use Privy Services, Privy will automatically collect information such as IP addresses, login information, geolocation, browser client & version, timestamp of activities, operating system, and User transaction data related to the use of Privy Services.

c. Data that Privy collects from third parties

Users can create a Privy Account through a third party to access or use the services provided by that third party. Where this occurs, the third  party that provides the Privy Account creation service is the registration authority. The registration authority will then forward the User personal information at the time of registration to Privy to create a User's Privy Account.

d. Cookies

In providing Privy Services, Privy uses cookies to improve the quality of the Privy Services and to recognize and remember certain information on a User's browser (including session management, service personalization, and User activity recording). Users can choose to disable cookies in the User's browser, however doing so may cause limitations to certain functions of the Site's services.

  1. PURPOSE OF PERSONAL INFORMATION PROCESSING FOR USER

Privy collects, holds, uses, and processes User personal information for the following purposes:

a. To provide Privy Services, such as:

      1. Issuing PrivyIDs and creating Privy Accounts.
      2. Collecting, recording, and analyzing data related to user activities involving the Privy Services.
      3. Notifying Users regarding transactions and/or activities occurring within the Privy Application or other systems connected to the Privy Application.

b. To provide information to Users about the Privy Services, including updates, developments, and/or enhancements to the Privy Services, or services provided by third parties collaborating with Privy.

c. To perform audits, analysis related to the development, maintenance, testing, troubleshooting, enhancement, and customization of the Privy Services to meet the needs and preferences of Users and fulfill the requirements and/or standards under the applicable laws and regulations.

d. Where required, to comply with law or the requests of public authorities (including courts and government agencies).

e. To improve the Privy Application and/or Service for Users and/or third parties collaborating with Privy.

f. To process User requests in connection with the Privy Services, including to access, correct, update, and/or delete/destroy Users' personal information within the Privy system, as well as contacting Users to respond to questions or suggestions.

  1. DISCLOSURE OF USER PERSONAL INFORMATION

Privy may disclose User's personal information for the following purposes and for other purposes permitted by applicable laws and regulations:

a. To enable Privy to provide the Privy Services and/or to perform or render services to the User, including but not limited to disclosures to:

i. Companies within the Privy Group

ii. Other Users, as parties directly associated with the User in relation to the User’s utilization of the Privy Services;

iii. Agents, contractors, or third parties who provide services to Privy to enable Privy to provide services to its Users. These Agents, contractors, or third parties may render services to Privy in the form of verification and authentication (including, for example, identity verification service providers and Gateway Service Providers (GSP) for the Australia Document Verification Service (DVS)), analysis, promotions, fraud detection, payment, or other User support services.

iv. The organization or legal entity to which a User is associated and registered through the Privy Services (if any).

b. To comply with laws and regulations, including where required for law enforcement and/or preventive measures in connection with unlawful activities, alleged criminal acts, legal violations, or legislative regulations.

c. To conduct activities of consolidation, merger, acquisition, buying and selling assets, restructuring, financing, or any other corporate actions in accordance with the applicable laws and regulations.

d. Privy may disclose personal information outside the territory of Australia in connection with the Privy Services (such as to members of the Privy Group located overseas). For example, in connection with the provision of the Privy web application product, Privy may disclose personal information to Privy Indonesia.

In the event that a User grants consent to a third party to utilize the User's Privy Account to access services provided by a third party, any utilization of the User’s personal information by the third party will be subject to the terms and conditions and/or privacy policy of the third party and Privy is not responsible for the privacy practices of those third parties. Privy recommends that Users review the terms and conditions and/or privacy policies of each third party that the User engages with.

  1. SECURITY OF USER PERSONAL INFORMATION

Privy has implemented security and storage measures to protect the confidentiality of User personal information held by Privy. Any content uploaded and sent by Users to the Privy Service is stored securely by Privy and sent confidentially using industry standards for securing electronic information. Privy is ISO 27001:2013 certified regarding Information Security Management Systems and ISO 27701:2019 regarding Privacy Information Management System.

The User is responsible for maintaining the security of the device used to access the Privy Services, and the confidentiality of the User's Privy Account details, including the User's password and any One Time Password (OTP) that Privy may send to the User over time.

  1. USER RIGHTS TO REQUEST ACCESS AND CORRECTION

Upon User request, Privy will provide Users with the ability to access and correct the User's personal information that Privy holds. If a User wishes to access or correct their personal information held by Privy, the User should submit the request to Privy using the details set out in section 5 (a) and (b) below:

    1. Access Request

      Users may request and obtain a copy of the User’s personal information stored within the Privy system. Granting access and a copy of data to Users will be carried out in accordance with the provisions of the applicable laws and regulations. Privy will provide such access unless exempted by law and/or regulation.

    2. Change Request

      Users may request to change, correct, add, update, complete, and/or rectify any errors or inaccuracies regarding the User's personal information stored within the Privy system. Any changes to Basic Data can only be made by giving notice to Privy through Privy’s contact details set out in section 6b below. Other categories of personal information can be updated through the Privy Application. Any changes to e-mail address and/or mobile numbers can be made by the Users through the User’s Account, following the verification of the User's biometric data. Privy reserves the right to request supporting documents and/or verify changes, additions, or updates to such information and personal information in accordance with Privy's procedures. Implementation of the change requests will be carried out in accordance with the applicable laws and regulations.

    3. Anonymity

      Where possible, Privy will allow you to interact with us anonymously or using a pseudonym. For example, if you contact Privy with a general inquiry, we will not ask for your name unless we need it to adequately handle your inquiry. However, as noted above, for most of our activities and services, we usually need your name and contact information.

  1. CONTACT AND NOTIFICATIONS

a. Notice from Privy

Every notification from Privy addressed to Users will be announced on the Site and sent via e-mail, Short Message Service (SMS), or push notifications through the Privy Application installed on the User's device registered with Privy.

b. Notice from User

If a User wishes to contact Privy or submit a complaint with regards to Privy's collection, use or handling of personal information, Users may contact Privy via the e-mail address support@privy.com.au or at dpo@privy.com.au and/or through a physical document sent to Privy Australia Pty Ltd with the address International Towers Two, Suite 1, Level 39, 200 Barangaroo Avenue, Sydney NSW 2000.

If you submit a complaint, we will endeavour to respond within 30 days. If you are dissatisfied with our response, you have the right to submit a complaint to the Office of the Australian Information Commissioner through the following contact information:

      • Phone : 1300 363 992;

      • Fax : +61 2 6123 5145

      • Email : enquiries@oaic.gov.au

      • Post : GPO Box 5228 Sydney NSW 2001

  1. PRIVY GROUP

The following entities are listed as parts of the Privy Group:

      1. PT Privy Identitas Digital (Indonesian legal entity)
      2. Privy Australia Pty Ltd (Australian legal entity)
  1. CHANGES

Privy may review and change this Privacy Policy from time to time to ensure that the provisions of this Privacy Policy remain consistent with the evolving nature of Privy Services in the future and/or in the event of changes to applicable laws and regulations. In relation to such changes, Privy will notify Users about the changes through notifications as set out in Article 6.

Users should periodically review this Privacy Policy to be informed of the latest changes to this Privacy Policy from time to time.